1f5f42b47a20eb62f4ab352adffaf1839c41f988e695898dc107898ada336217

Sharing

Copy URL Twitter E-mail

General

Target

1f5f42b47a20eb62f4ab352adffaf1839c41f988e695898dc107898ada336217
Size

3.7MB
MD5

4716128998814d6bc31ccc37fe281f54
SHA1

b8ef3003f7816bd106014d2ef0a4c7e3d1c9137b
SHA256

1f5f42b47a20eb62f4ab352adffaf1839c41f988e695898dc107898ada336217
SHA512

b93c08472600c0fbd91c4449dfefa433a82cb457f4258c2b1c31b294bf90a86c8dd83f3cb50a5f5870234f6ac144571780ec26e8c7eb3e07c545cdc4d907e446
SSDEEP

49152:48y4dlpxO9SVR1o5TLI8TnXlCuDHwb0X3nJZCtu:48y4dbxmWo5TLI6HQS5Utu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1f5f42b47a20eb62f4ab352adffaf1839c41f988e695898dc107898ada336217

Files

1f5f42b47a20eb62f4ab352adffaf1839c41f988e695898dc107898ada336217
.exe windows:6 windows x86 arch:x86

2600034c13daa2d65677b1ffdc9badd0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\workspace\MetaTrader5\Build\Installers\Distributive Core\Release32\core.pdb

Imports

ws2_32

recv
shutdown
ioctlsocket
select
WSAGetLastError
WSAConnect
setsockopt
WSASocketW
WSARecv
WSASend
htons
WSAStartup
WSACleanup
GetAddrInfoW
FreeAddrInfoW
send
closesocket

crypt32

CertGetNameStringW

kernel32

GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
FileTimeToDosDateTime
lstrcmpiW
RaiseException
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
InitializeCriticalSectionEx
GetCurrentProcessId
Thread32Next
ReadProcessMemory
ResumeThread
GetThreadContext
SuspendThread
OpenThread
Thread32First
CreateToolhelp32Snapshot
GetCurrentThread
Module32NextW
LockResource
FindResourceExW
Module32FirstW
GetProcessHandleCount
GetLocalTime
K32GetProcessMemoryInfo
GetEnvironmentVariableW
LocalFree
AddVectoredExceptionHandler
SetUnhandledExceptionFilter
DecodePointer
SetLastError
GlobalUnlock
GlobalLock
GlobalAlloc
MulDiv
lstrcmpW
OpenProcess
HeapSize
GetProcessHeap
CompareStringW
lstrlenW
VerifyVersionInfoW
VerSetConditionMask
GlobalFree
IsValidCodePage
FreeResource
FindNextFileW
CreateProcessW
GetUserDefaultUILanguage
GetDiskFreeSpaceExW
RemoveDirectoryW
GetTempPathW
ExpandEnvironmentStringsW
TerminateThread
Process32FirstW
K32GetProcessImageFileNameW
Process32NextW
MoveFileExW
GlobalMemoryStatusEx
IsDebuggerPresent
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
FindFirstFileW
FlushInstructionCache
IsProcessorFeaturePresent
LoadLibraryExA
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
UnhandledExceptionFilter
GetStartupInfoW
TerminateProcess
RtlUnwind
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetFileType
EnumResourceNamesW
FindClose
FileTimeToSystemTime
DosDateTimeToFileTime
HeapReAlloc
HeapFree
HeapAlloc
GetModuleHandleW
GetCurrentProcess
GetNativeSystemInfo
DeviceIoControl
LoadLibraryW
GetProcAddress
GetModuleFileNameW
WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSection
CloseHandle
CreateFileW
GetFileSizeEx
SetFilePointer
GetLastError
ReadFile
VirtualAlloc
GetStdHandle
LCMapStringW
GetCPInfo
GetStringTypeW
GetACP
GetOEMCP
SetFilePointerEx
GetConsoleMode
ReadConsoleW
FlushFileBuffers
FreeLibrary
VirtualFree
IsBadReadPtr
VirtualQuery
GetSystemDirectoryW
GetVolumeInformationW
SetStdHandle
FindFirstFileExW
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
GetConsoleOutputCP
GetVersionExW
GetSystemTimeAsFileTime
GetFileAttributesExW
HeapDestroy
GetFileAttributesW
CreateDirectoryW
SetFileAttributesW
HeapCreate
WriteFile
SetEndOfFile
SystemTimeToFileTime
QueryPerformanceCounter
QueryPerformanceFrequency
GetTickCount64
WideCharToMultiByte
GetTickCount
GetCurrentThreadId
SetThreadStackGuarantee
DeleteFileW
MultiByteToWideChar
Sleep
LeaveCriticalSection
GetExitCodeThread
EnterCriticalSection
InterlockedPushEntrySList
GetSystemInfo
FreeEnvironmentStringsW
SetEnvironmentVariableW
WriteConsoleW
CopyFileW
OutputDebugStringW

user32

SetForegroundWindow
BringWindowToTop
DialogBoxParamW
MapWindowPoints
GetMonitorInfoW
MonitorFromWindow
EnableWindow
LoadIconW
LoadBitmapW
MessageBeep
MessageBoxW
ShowWindow
GetWindowRect
EndDialog
PostQuitMessage
LoadStringW
PostMessageW
IsWindowVisible
LoadImageW
SetTimer
KillTimer
SystemParametersInfoW
IsWindowEnabled
DrawFocusRect
SetCursor
TrackMouseEvent
GetCapture
GetCursorPos
UpdateWindow
OffsetRect
DrawTextW
SetRectEmpty
GetDlgCtrlID
GetTopWindow
GetWindowThreadProcessId
SetClassLongW
GetActiveWindow
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
BeginPaint
EndPaint
IsChild
GetFocus
SetFocus
GetWindow
GetDlgItem
SendMessageW
IsWindow
GetClassNameW
GetSysColor
SetWindowPos
RedrawWindow
GetClassInfoExW
CreateWindowExW
DestroyWindow
CreateAcceleratorTableW
ClientToScreen
GetParent
ScreenToClient
MoveWindow
SetCapture
ReleaseCapture
FillRect
GetClientRect
InvalidateRgn
CallWindowProcW
InvalidateRect
GetDC
ReleaseDC
GetDesktopWindow
DestroyAcceleratorTable
GetWindowLongW
SetWindowLongW
LoadCursorW
RegisterClassExW
UnregisterClassW
DefWindowProcW
CharLowerW
CharNextW
PostMessageA
GetSystemMetrics
PtInRect

gdi32

CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
CreateFontIndirectW
BitBlt
GetStockObject
GetObjectW
GetDeviceCaps
DeleteDC
ExtTextOutW
SetBkColor
SetTextColor
SetBkMode
GetTextExtentPoint32W
GdiGradientFill
GetTextExtentPointW
TextOutW
RestoreDC
SaveDC
CreateFontW
EnumFontFamiliesExW
CreateDIBitmap
DeleteObject
GetDIBits

advapi32

AllocateAndInitializeSid
SetEntriesInAclW
SetNamedSecurityInfoW
FreeSid
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegDeleteKeyExW
RegEnumKeyW
OpenSCManagerW
EnumServicesStatusW
CloseServiceHandle
OpenServiceW
QueryServiceStatus
ControlService
QueryServiceConfigW
RegQueryValueW
RegSetValueExW
RegDeleteKeyW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
EqualSid
GetAce
GetAclInformation
GetSecurityDescriptorDacl
GetFileSecurityW
GetTokenInformation
OpenProcessToken
RegCreateKeyExW

shell32

SHGetFolderPathW
ShellExecuteExW
SHChangeNotify
SHGetSpecialFolderLocation
SHGetFileInfoW
SHGetSpecialFolderPathW
SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteW

ole32

CoTaskMemRealloc
CoCreateInstance
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
OleUninitialize
StringFromGUID2
OleLockRunning
CreateStreamOnHGlobal
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CoUninitialize
CoTaskMemFree
CoTaskMemAlloc
OleInitialize

oleaut32

SysFreeString
SysAllocString
OleCreateFontIndirect
SysStringLen
VariantClear
LoadTypeLi
VariantInit
SysAllocStringLen
LoadRegTypeLi
VarUI4FromStr

shlwapi

PathFindExtensionW
PathCanonicalizeW

comctl32

DestroyPropertySheetPage
PropertySheetW
ImageList_GetImageCount
ImageList_GetImageInfo
ImageList_Create
ImageList_SetBkColor
ImageList_AddMasked
ImageList_Draw
ImageList_Destroy
InitCommonControlsEx
CreatePropertySheetPageW

iphlpapi

GetAdaptersAddresses

bcrypt

BCryptGenRandom

dbghelp

MiniDumpWriteDump
SymFunctionTableAccess64
SymGetModuleBase64
StackWalk64
SymSetOptions
SymLoadModule64
SymGetOptions
SymInitialize

gdiplus

GdipAlloc
GdipDisposeImage
GdipFree
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromStream
GdipCreateHBITMAPFromBitmap
GdipCloneImage

wintrust

WTHelperGetProvCertFromChain
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
WinVerifyTrust

Sections

.text
Size: 958KB - Virtual size: 957KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 184KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 88KB - Virtual size: 60.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2600034c13daa2d65677b1ffdc9badd0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

crypt32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

iphlpapi

bcrypt

dbghelp

gdiplus

wintrust

Sections

.text Size: 958KB - Virtual size: 957KB

.rdata Size: 184KB - Virtual size: 184KB

.data Size: 88KB - Virtual size: 60.9MB

.rsrc Size: 2.4MB - Virtual size: 2.4MB

.reloc Size: 31KB - Virtual size: 30KB

.text
Size: 958KB - Virtual size: 957KB

.rdata
Size: 184KB - Virtual size: 184KB

.data
Size: 88KB - Virtual size: 60.9MB

.rsrc
Size: 2.4MB - Virtual size: 2.4MB

.reloc
Size: 31KB - Virtual size: 30KB